General
-
Target
ZiraatBankasi-SwiftMesaji20221121.exe
-
Size
1003KB
-
Sample
221123-h4x77seh57
-
MD5
394f30cac9eef76036a281aba4a390ac
-
SHA1
9c764db3dccde0a69d915cdb1e1d8041c2353f8e
-
SHA256
167142b256a43661a934dac8d2e84d1167e66022acb9e374e4542adbaceff753
-
SHA512
ff2ed218d39a2d78e805c2d26729da29c37cc2d61c7ab64ac982a0097dad4e1c690465c348702555143120aaa1b0986f61252b811d1d9712bd41d24fa59c916b
-
SSDEEP
24576:td3yd+KevnuWLrR7wOwZQroOpUTLHh5er4+L74mBfNUstzo:td3W0pwBaoOpuHhI
Malware Config
Extracted
formbook
go5o
fS9ce6bj/U7J6Q==
KPSUZUVU42J3IaXPjqsA
cDR9Sz1n2BN9eTutNa2QNg==
POJskuyBUqUdVp2wiI8=
t9gcQ5yNydIfrO4=
9oakDnoh0VXC
o2Z9n/2iYtDFcJ2wiI8=
GLBJZsgVkt3eXZragNJjYiGQ
axuNlck5BkA8plrI
khk2/+G5g43K
Fauoa7FQG6EN2QyITg==
fgaVrOb4mLl1KGNUX6jkXCU=
HQkML53cm6Ae+zIhRg==
TBodPq4E4AJylpZiNa2QNg==
wHghSq49EVU54E8mChOvRi5W3cn3ItLVVw==
rET2JY8u+TgVpzRtRF54Kw==
b0mCXc5pcXHZ9A==
QfuIoOgHl9IfrO4=
87fV+WQT5IKlSnTqmb6SbSMctA==
E+Yg8EqQKJi9XJKVqrA2i9TO78H53I97
Targets
-
-
Target
ZiraatBankasi-SwiftMesaji20221121.exe
-
Size
1003KB
-
MD5
394f30cac9eef76036a281aba4a390ac
-
SHA1
9c764db3dccde0a69d915cdb1e1d8041c2353f8e
-
SHA256
167142b256a43661a934dac8d2e84d1167e66022acb9e374e4542adbaceff753
-
SHA512
ff2ed218d39a2d78e805c2d26729da29c37cc2d61c7ab64ac982a0097dad4e1c690465c348702555143120aaa1b0986f61252b811d1d9712bd41d24fa59c916b
-
SSDEEP
24576:td3yd+KevnuWLrR7wOwZQroOpUTLHh5er4+L74mBfNUstzo:td3W0pwBaoOpuHhI
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Suspicious use of SetThreadContext
-